CipherTrust Flex Utilities connector

CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP) from Thales aims to protect critical data in an organization from ransomware attacks and malicious encryption activity. It is an optional feature of CipherTrust Transparent Encryption (CTE) that provides an additional layer of defense focused on detecting and blocking ransomware behavior in real time.

Active Ransomware Detection and Blocking
A key use case of CTE-RWP is the continuous monitoring of processes and their input/output (I/O) activity with files on servers and endpoints.

Behavior-Based Detection: CTE-RWP does not rely on signatures of known ransomware. Instead, it monitors active processes for abnormal I/O activity that is typical of ransomware.

Malicious Activity Identification detects activities such as:

Excessive and rapid access to data and its encryption/overwriting.

Unauthorized exfiltration of data.

Malicious impersonation of a user or process.

Real-Time Response: Allows administrators to set a response to detected suspicious activity – either alerting or immediately blocking the process before it can complete data encryption.

Reliable Remediation: Blocks ransomware activity, even if the malware has entered the system unnoticed.

Critical Data Point Protection (GuardPoints)
CTE-RWP is applied to so-called GuardPoints – specific directories, files or volumes that contain sensitive and critical data.

Targeted Protection: An organization identifies the most important data points (e.g. file servers, databases) and applies CTE-RWP protection to them, ensuring that this data is actively monitored against ransomware threats.
File Server Protection: Extended use to protect file servers with sensitive data, even in network environments (e.g. CIFS/SMB/NFS).

Trusted Processes Whitelisting
Organizations can define a list of trusted processes within CTE-RWP.

Trusted Application Exclusion: Trusted applications (e.g. backup software, antivirus, or database systems) that inherently perform a large number of I/O operations are excluded from ransomware protection monitoring. This prevents false positives and ensures the smooth running of legitimate business operations.

Application Integrity Assurance: In combination with a full CTE (CipherTrust Transparent Encryption) license, integrity checks and digital signatures of binary files can be set up, minimizing the risk of compromising trusted processes.

Strengthen Comprehensive Security (In Combination with CTE)
While CTE-RWP works as a standalone protection against ransomware behavior, organizations often use it in conjunction with the full CipherTrust Transparent Encryption (CTE) product to create a more robust defense.

Data at Rest Encryption: CTE provides Data at Rest Encryption. Even if a ransomware attack succeeds (which is unlikely with CTE-RWP), the encrypted data is worthless to the attacker, as they cannot monetize it even by threatening to disclose it.

Access Control: CTE enables strict access control based on policies that define which applications and users are authorized to access and encrypt/decrypt protected data. This blocks unauthorized processes and users from manipulating sensitive files.

This is a standalone connector, without the CipherTrust Manager unit the connector itself is not functional. The price includes one year of Thales Enhanced Maintenance.